Analytics

2/28/2019
12:05 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Bots Plague Ticketing Industry

Bots now account for 39.9% of all ticketing traffic, mostly originating in North America.

While bad bots are a problem across many industries, the ticketing industry has experienced a dramatic increase in such traffic over the past couple of years. And much of that bad traffic occurs in our own backyard, with 85% of bad bots launched against ticketing companies originating in North America, according to a report released today by Distil Networks.

The report, "How Bots Affect Ticketing," also found the proportion of bad bots among ticketing companies has risen to 39.9% of all ticketing traffic. That's a notable increase from the 22.9% found in previous reports, and even that number was considered worse than the average for all industries.

Edward Roberts, director of product marketing at Distil Networks, says the number increased because of the greater number of ticketing companies included in this year's study, as well as the increase in volume of traffic analyzed.

"The sophistication of the bots and the ability of the organizations that propagate the bots to monetize them and survive as a business has also increased," Roberts says. "Whether it's brokers, scalpers, hospitality agencies, corporations, or criminals, they can lock down tickets, buy them at a cheaper price, and sell them at a premium on a secondary market."

Christopher Rodriguez, a research manager for cybersecurity products at IDC, says he has observed this kind of activity in many other industries, including retail, travel and hospitality, and financial services.

"That's why companies are looking at bot mitigation products such as from Distil, Akamai, PerimeterX, ShieldSquare, and Shape Security," Rodriguez says. "These products do device fingerprinting and tracking, looking how long a user dwells on a certain page, the movement of the mouse and how quickly they type, all in an effort to determine if the user is legitimate."

Criminals at Work
Though criminal elements are a much smaller share of the bad bot ticketing market compared with brokers, scalpers, and other companies, they seek to compromise customer accounts via credential stuffing, Distil's Roberts says.

By running stolen credentials against the login pages of ticketing platforms, bots identify the accounts where access was granted. Once inside the account, any stored tickets (usually two to four tickets at a time) can be stolen or transferred to another account. And once inside an account, any stored credit card and personal information could be stolen or used to commit fraud. The bots also steal customer loyalty points, a problem that has become prevalent with season ticket holders of European soccer teams.

"Ticketing companies need to pay attention to public data breaches because any time there's a major breach, the criminal will hit the names on that list," Roberts says. "Companies also need to consider blocking the known hosting providers for bot operators."

According to the report, ticketing has long experienced the evolution of the bot problem. As the ticketing industry moved online in the 1990s, it was the first industry to suffer from malicious bot operators using automated attacks to hold and scalp tickets. Following complaints by customers and increased pressure from artists, it was also the first industry to adopt legislation as an additional tool in the war on bad bots. In 2016, the US passed the Better Online Ticket Sales (BOTS) Act, which outlawed the resale of tickets purchased using bot technology and imposed fines. The UK, Australia, and parts of Canada have enacted similar legislation.

The latest report on the ticketing industry follows a report Distil issued last year on the airline industry, in which it found that 43.9% of all traffic on airlines websites came from bad bots, Roberts says

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
3/7/2019 | 7:20:02 AM
Re: External Requests
For comparison, I remember when my father's company subscribed to the old Sabre system for reservations and had an ancient (by today's standards) Western Union terminal (keyboard, roll of paper) in the office.  It was totally secure not only because there were not threats back then but it was so basic.  As we have gotten more complex we have sacrificed speed and covenience for security.  There is alot to be said for DOS 6.22 in some ways.  i could build a machine and do most of my basic work sans internet and you can just TURN IT OFF without shutdown.  (Side note - remember parking the heads? )
schopj
50%
50%
schopj,
User Rank: Apprentice
2/28/2019 | 1:06:57 PM
Re: External Requests
How exactly would Ticket Master restrict ticketing to only internal entities?  We're not talking about internal ticketing systems, we're talking about concert and airline ticket sales online getting hit with bots.  
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
2/28/2019 | 12:56:18 PM
External Requests
I would imagine this is prevalent for ticketing systems that allow external entities to submit requests. If you restrict ticketing to only internal entities and trusted clients you will see a downturn in this activity.

If you are seeing bot traffic originate internally then you have bigger problems.
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10091
PUBLISHED: 2019-03-21
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow XSS.
CVE-2018-10093
PUBLISHED: 2019-03-21
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
CVE-2017-2659
PUBLISHED: 2019-03-21
It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.
CVE-2017-16231
PUBLISHED: 2019-03-21
** DISPUTED ** In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of st...
CVE-2017-16232
PUBLISHED: 2019-03-21
** DISPUTED ** LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue.